In association with heise online

19 January 2007, 18:51

Denail-of-Service problem in Bitdefender's enterprise scanners

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Bitdefender has closed a format string vulnerability in its virus scanners for enterprise networks. Attackers were at least able to exploit this vulnerability for denial of service attacks. The vulnerability affects version 8.02 of BitDefender's Client Professional Plus. The vendor is distributing a remedied version of the software via the automatic update service.

The flaw is a format string vulnerability in the routines that create log files of the virus scanner's searches. Attackers could use specially prepared information in the scan settings to read and write arbitrary areas of the memory, causing the scanner to crash at the very least. Administrators of BitsDefender solutions are advised to update their software immediately if this has not already happened automatically.

Also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit